Skip to content

Commit 09fb88e

Browse files
imabhichowimabhichow
committed
chore(cfn): add DescribeTable permission for legacy DDBEC support
1 parent 7dd705b commit 09fb88e

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

cfn/CI.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -271,6 +271,13 @@ Resources:
271271
- !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${SearchTestJavaTableName}/index/*"
272272
- !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${SearchTestDotnetTableName}"
273273
- !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${SearchTestDotnetTableName}/index/*"
274+
# See: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/python-using.html#python-helpers
275+
# To use the client helper classes in DDBEC, the caller must have permission to call the DynamoDB DescribeTable operation on the target table.
276+
- Effect: Allow
277+
Action:
278+
- dynamodb:DescribeTable
279+
Resource:
280+
- !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TableName}"
274281

275282
KMSUsage:
276283
Type: "AWS::IAM::ManagedPolicy"

0 commit comments

Comments
 (0)